Security holes that led to the massive ransomware strike on Change Healthcare are also an opportunity for adaptable, tech-savvy entrepreneurs to exploit a huge cybersecurity market.

Countless private companies and public organizations in U.S. healthcare continue struggling to overcome last month’s massive cyberattack on UnitedHealth Group’s main clearinghouse operator, Change Healthcare. It laid bare the enormity of the online threat to the sector, whose myriad users of interconnected computer networks each represent a potential weak link for ransomware criminals to target.

Given the gigantic scope and multiple points of vulnerability, it may be that small businesses offer the best remedy for the problem. How better to cure the disease of cyber vulnerability than using the innovation, adaptation, and swift reaction to market demands that set smaller businesses apart?


That call to cyber-arms is one response tech-savvy entrepreneurs may have to Wednesday’s Washington Post report on the continued difficulties and rising expenses still flowing from the attack on Change Healthcare, and its ongoing struggles to restore services. On February 21, the company that processes some 15 billion annual health sector transactions reported its system had been hacked. The attack left many of its connected doctors, clinics, hospitals, and insurance partners unable to access patient files, send bills, or receive payments. Many of those businesses are private practitioners or independent pharmacies that received little to no help from insurance providers or government agencies amid the halting progress of efforts to restore services. But while those businesses now have no option but to slog through the aftermath of the Change Healthcare hack, their leaders can take steps to reduce the risk of future damage. They’ll need help from entrepreneurs, some of whom are already creating a collectively beneficial, targeted set of anti-hacking services tailored to the needs, functions, budgets, and varied security profiles of small and larger healthcare businesses.

The assumption arises from the Post’s description of the volunteer group Cyber Threat Intelligence League. Formed in the early months of the pandemic by online security geeks concerned by the rising threat to the healthcare system from opportunistic hackers, members went about remotely locating weak points in hospital and other sector networks. They then tried to warn those institutions and businesses, and suggested preventive action that could be taken–altruistic advice that was often brushed off by owners and administrators leery of scams.

“The league found that the best way to pass on tips and fixes was often through equipment and software vendors that already had a technical contact at the establishment,” the Post said. Yet those very vendors are frequently the doors through which ransomware attackers enter shared systems, the paper noted. So then, why aren’t these existing small cybersecurity businesses or aspiring tech entrepreneurs adapting their anti-piracy services to the enormous, disparate, and specific healthcare sector companies that remain vulnerable?

It’s certainly not for lack of demand.

According to USA Today, data breaches “exposed a record 133 million health records… (affecting) about 1 in 3 Americans.” The number of those hacks has risen steadily since the pandemic–especially with victims tending to pay millions for returned access. The millions dished up in those ransoms are just one example of how it’s also not for lack of funding.

Mordor Intelligence, an Indian market research firm, valued the U.S. cybersecurity market at $73.41 billion in 2023, with the business of providing insurance against hacks forecast to be worth $20 billion by 2025. Yet according to the Post, those services are often ill-adapted to the healthcare sector–whose numerous actors multiply the potential threats to shared networks. Even participants with big enough budgets to invest in effective security systems often find themselves being paid pennies for their losses from attacks on other companies in their networks.

According to a recent Axios article, the San Francisco area Therapy Group Marriage and Family Counseling practice suffered $350,000 in damages from the Change Healthcare hack that insurance doesn’t cover. Those expenses include “an emergency business loan with a 50 (percent) interest rate and from prematurely pulling investments from retirement accounts to make payroll,” as post-attack payments trickle in. How has it come to this? A blend of hostile lobbying efforts and government administrative sluggishness has prevented effective defensive, sector-wide measures from being adopted either as voluntary practice or a specific regulatory framework, according to the Post. Non-binding guidelines that are handed down are usually geared to large organizations, and are usually too expensive and inapplicable for the countless small companies involved.

That would be where private enterprises seem the logical hope for providing healthcare-specific, affordable defensive measures to various-sized clients that government directives can’t cover.